1 /* 2 * Copyright (C) 2014 Intel Corporation. All rights reserved. 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef __WV_MOD_DRM_API_H_ 18 #define __WV_MOD_DRM_API_H_ 19 20 #include <inttypes.h> 21 #include "drm_common_api.h" 22 #include "wv_mod_oem_crypto.h" 23 24 /*! 25 * Defines 26 */ 27 #define DRM_WV_MOD_CLEAR_CONTENT_FLAG (1) 28 #define DRM_WV_MOD_AUDIO_CONTENT_FLAG (1 << 1) 29 #define DRM_WV_MOD_SECURE_CONTENT_FLAG (1 << 2) 30 31 /*! 32 * APIs 33 */ 34 uint32_t drm_wv_mod_open_session(uint32_t *session_id); 35 36 uint32_t drm_wv_mod_close_session(uint32_t session_id); 37 38 uint32_t drm_wv_mod_start_playback(uint32_t session_id); 39 40 uint32_t drm_wv_mod_stop_playback(uint32_t session_id); 41 42 uint32_t drm_wv_mod_generate_derived_keys(uint32_t session_id, 43 const uint8_t *mac_key_context, 44 uint32_t mac_key_context_length, 45 const uint8_t *enc_key_context, 46 uint32_t enc_key_context_length); 47 48 uint32_t drm_wv_mod_generate_nonce(uint32_t session_id, 49 uint32_t *nonce); 50 51 uint32_t drm_wv_mod_generate_signature(uint32_t session_id, 52 const uint8_t *message, 53 uint32_t message_length, 54 uint8_t *signature, 55 uint32_t *signature_length); 56 57 uint32_t drm_wv_mod_load_keys(uint32_t session_id, 58 const uint8_t *message, 59 uint32_t message_length, 60 const uint8_t *signature, 61 uint32_t signature_length, 62 const uint8_t *enc_mac_keys_iv, 63 const uint8_t *enc_mac_keys, 64 uint32_t num_keys, 65 const struct drm_wv_mod_key_object *key_array); 66 67 uint32_t drm_wv_mod_refresh_keys(uint32_t session_id, 68 const uint8_t *message, 69 uint32_t message_length, 70 const uint8_t *signature, 71 uint32_t signature_length, 72 uint32_t num_keys, 73 const struct drm_wv_mod_key_refresh_object *key_array); 74 75 uint32_t drm_wv_mod_select_key(uint32_t session_id, 76 const uint8_t *key_id, 77 uint32_t key_id_length); 78 79 uint32_t drm_wv_mod_decrypt_ctr(uint32_t session_id, 80 const uint8_t *inp_data_buffer, 81 uint32_t inp_data_size, 82 uint8_t *out_data_buffer, 83 uint32_t out_data_size, 84 const uint8_t *iv, 85 uint8_t flags); 86 87 uint32_t drm_wv_mod_rewrap_device_rsa_key(uint32_t session_id, 88 const uint8_t *message, 89 uint32_t message_length, 90 const uint8_t *signature, 91 uint32_t signature_length, 92 uint32_t *nonce, 93 const uint8_t *enc_rsa_key, 94 uint32_t enc_rsa_key_length, 95 const uint8_t *enc_rsa_key_iv, 96 uint8_t *wrapped_rsa_key, 97 uint32_t *wrapped_rsa_key_length); 98 99 uint32_t drm_wv_mod_load_device_rsa_key(uint32_t session_id, 100 const uint8_t *wrapped_rsa_key, 101 uint32_t wrapped_rsa_key_length); 102 103 uint32_t drm_wv_mod_generate_rsa_signature(uint32_t session_id, 104 const uint8_t *message, 105 uint32_t message_length, 106 uint8_t *signature, 107 uint32_t *signature_length); 108 109 uint32_t drm_wv_mod_derive_keys_from_session_key(uint32_t session_id, 110 const uint8_t *enc_session_key, 111 uint32_t enc_session_key_length, 112 const uint8_t *mac_key_context, 113 uint32_t mac_key_context_length, 114 const uint8_t *enc_key_context, 115 uint32_t enc_key_context_length); 116 117 uint32_t drm_wv_mod_generic_encrypt(uint32_t session_id, 118 const uint8_t *in_buffer, 119 uint32_t buffer_size, 120 const uint8_t *iv, 121 enum drm_wv_mod_algorithm algorithm, 122 uint8_t *out_buffer); 123 124 uint32_t drm_wv_mod_generic_decrypt(uint32_t session_id, 125 const uint8_t *in_buffer, 126 uint32_t buffer_size, 127 const uint8_t *iv, 128 enum drm_wv_mod_algorithm algorithm, 129 uint8_t *out_buffer); 130 131 uint32_t drm_wv_mod_generic_sign(uint32_t session_id, 132 const uint8_t *in_buffer, 133 uint32_t buffer_size, 134 enum drm_wv_mod_algorithm algorithm, 135 uint8_t *signature, 136 uint32_t *signature_size); 137 138 uint32_t drm_wv_mod_generic_verify(uint32_t session_id, 139 const uint8_t *in_buffer, 140 uint32_t buffer_size, 141 enum drm_wv_mod_algorithm algorithm, 142 const uint8_t *signature, 143 uint32_t signature_size); 144 145 /*! Version 9 specific APIs */ 146 uint32_t drm_wv_mod_v9_load_keys(uint32_t session_id, 147 const uint8_t *message, 148 uint32_t message_length, 149 const uint8_t *signature, 150 uint32_t signature_length, 151 const uint8_t *enc_mac_keys_iv, 152 const uint8_t *enc_mac_keys, 153 uint32_t num_keys, 154 const struct drm_wv_mod_key_object *key_array, 155 const uint8_t *pst, 156 uint32_t pst_length); 157 158 uint32_t drm_wv_mod_v9_generate_rsa_signature(uint32_t session_id, 159 const uint8_t *message, 160 uint32_t message_length, 161 uint8_t *signature, 162 uint32_t *signature_length, 163 enum drm_wv_mod_rsa_padding_scheme padding_scheme); 164 165 166 /** 167 * @brief Loads an existing usage table into chaabi secure memory 168 * 169 * This should be first called prior to load keys. Caller shall call 170 * drm_wv_mod_update_usage_table after making this call. 171 * 172 * @param[in] usage_table_data 173 * Existing usage table blob to load. If NULL, chaabi will 174 * return required table size. 175 * @param[in,out] data_size 176 * Size of the passed-in usage_table_data, in bytes. This 177 * will always be updated to the required table size. 178 */ 179 uint32_t drm_wv_mod_load_usage_table(const uint8_t *const usage_table_data, 180 uint32_t *const data_size); 181 182 /* @brief Update usage table and return it 183 * 184 * Chaabi will update the usage table from its TEE memory and set the flag 185 * is_updated. 186 * 187 * Upon returning DRM_WV_MOD_SUCCESS and is_updated == 1, caller should 188 * write save the usage table to the file system. 189 * 190 * @param[out] usage_table_data 191 * Buffer where the usage table will be returned. Input is ignored. 192 * This will only contain data if is_updated == 1. 193 * @param[in] data_size 194 * Size of the usage_table_data buffer, which must be large enough to 195 * hold the entire structure. This size can be obtained via the 196 * load_usage_table API or by re-using the size of a previous table blob. 197 * @param[out] is_updated 198 * Flag indicating if the table has changed since the last 199 * update_usage_table or load_usage_table call. 200 * 201 * TODO: Return documentation 202 */ 203 uint32_t drm_wv_mod_update_usage_table(uint8_t *const usage_table_data, 204 uint32_t data_size, 205 uint8_t *const is_updated); 206 207 // NOTE: drm_wv_mod_update_usage_table shall be called after calling this 208 // function 209 // TODO: Documentation 210 uint32_t drm_wv_mod_deactivate_usage_entry(const uint8_t *const pst, 211 uint32_t pst_length); 212 213 /** 214 * @brief Returns the usage entry information for a particular pst 215 * 216 * Caller shall call drm_wv_mod_update_usage_table after making this call. 217 * 218 * @param[in] session_id 219 * Session ID to be associated with the pst entry 220 * @param[in] pst 221 * Pointer to pst data used as an index into the usage table 222 * @param[in] pst_length 223 * Length of pst buffer in bytes 224 * @param[out] pst_report_buffer 225 * Pointer to caller-allocated memory where the usage report shall be placed 226 * @param[in,out] pst_report_buffer_length 227 * Length of provided pst_report_buffer in bytes. Should be sizeof(pst) + 228 * sizeof(struct OEMCrypto_PST_Report) in length. If extra space is provided, 229 * this field will reflect the actual size of the returned report. 230 * 231 * TODO: Return documentation 232 */ 233 uint32_t drm_wv_mod_report_usage(uint32_t session_id, 234 const uint8_t *const pst, 235 uint32_t pst_length, 236 uint8_t *const pst_report_buffer, 237 uint32_t *const pst_report_buffer_length); 238 239 /** 240 * @brief Deletes a previously-reported entry from the usage table 241 * 242 * Caller shall call drm_wv_mod_update_usage_table after making this call. 243 * 244 * @param[in] session_id 245 * Session ID previously associated with the pst 246 * @param[in] pst 247 * Pointer to pst data used as an index into the usage table 248 * @param[in] pst_length 249 * Length of pst buffer in bytes 250 * @param[in] msg 251 * Pointer to message to be verified 252 * @param[in] msg_len 253 * Length of msg buffer in bytes 254 * @param[in] signature 255 * Pointer to signature to verify against 256 * @param[in] signature_length 257 * Length of signature buffer in bytes 258 * 259 * TODO: Return Documentation 260 */ 261 uint32_t drm_wv_mod_delete_usage_entry(uint32_t session_id, 262 const uint8_t *const pst, 263 uint32_t pst_length, 264 const uint8_t *const msg, 265 uint32_t msg_length, 266 const uint8_t *const signature, 267 uint32_t signature_length); 268 269 // This will only clear Chaabi TEE memory. Caller is responsible for deleting 270 // usage table file from file system. 271 // TODO: Documentation 272 uint32_t drm_wv_mod_delete_usage_table(void); 273 274 /** 275 * brief Clear session context 276 * 277 * This API is used to reset all sessions context. 278 * Typically called to cleanup sessions resulting from a application crash. 279 */ 280 uint32_t drm_wv_mod_reset_session_context(void); 281 282 #endif /* __WV_MOD_DRM_API_H_ */ 283